Add notify MFA module

This commit is contained in:
Jason Hu 2018-08-31 23:34:36 -07:00 committed by GitHub
parent d20ed0c81e
commit 197a87b5e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -42,7 +42,7 @@ Below is a list of currently available auth providers.
[Time-based One-Time Password](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm) is widely adopted in modern authencation system, it combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password. Whoever possessed the secret key will get same one-time password in certain time period. By verifying that password, Home Assistant knows the user have the right secrt key.
When try to set up TOTP module, a QR code will show up, user can scan it by an authenticator app, or set it up manauly using the code showed in UI. After setup, user need to input a six digit number generate in the autendicator app to verify the setup is good. If the verificaiton keep falling, you need to check whether the clock on Home Asistant is accurate.
When try to set up TOTP module, a QR code will show up, user can scan it by an authenticator app, or set it up manauly using the code showed in UI. After setup, user need to input a six digit number generate in the authenticator app to verify the setup is good. If the verificaiton keep falling, you need to check whether the clock on Home Asistant is accurate.
There are several authenctior apps on the market, we recommend either [Google Authenticator](https://support.google.com/accounts/answer/1066447) or [Authy](https://authy.com/)
@ -51,7 +51,7 @@ Please treat the secret key like a password, never exposure it to others.
</p>
By default one TOTP multi-factor named "Authenticator app" will be auto loaded if no `auth_mfa_modules` config section defined in `configuration.yaml`.
By default one TOTP multi-factor auth module named "Authenticator app" will be auto loaded if no `auth_mfa_modules` config section defined in `configuration.yaml`.
Example of configuration
@ -59,4 +59,42 @@ Example of configuration
homeassistant:
auth_mfa_modules:
- type: totp
```
```
### {% linkable_title Notify mutli-factor authentication module %}
Notify MFA module using [notify component](https://www.home-assistant.io/components/notify/) to delivery a [HMAC-based One-Time Password](https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_algorithm) to user configured target.
User need first set up the MFA module by select one of the aviliable notify service. A six digit one-time password will be sent by this notify service, user need to input it to verify the setup.
During the login process, a six digit one-time password will be sent again, user need to input it to verify his/her identity. If the validation failed, a new one-time password will be sent again.
<p class='note'>
Notify MFA module would not verify the one-time password deliveried success, so that if user cannot received the message due any reason, he/she may not be login again. Edit or remove `[your_config_dir]/.storage/auth_module.notify` can disable nofiy MFA module to resolve the issue.
</p>
By default notify MFA module will be auto loaded if no `auth_mfa_modules` config section defined in `configuration.yaml`. However if you don't have any notify component configured, user cannot enable notify MFA module.
Example of configuration
```yaml
homeassistant:
auth_mfa_modules:
- type: notify
```
Optional configuration variables:
- **exclude** (*Optional*): The list of notify services you do not want to include in.
- **include** (*Optional*): The list of notify services you want to include in.
- **message** (*Optional*): The message template
```yaml
# Example configure with message template
homeassistant:
auth_mfa_modules:
- type: totp
name: Authenticator app
- type: notify
message: 'I almost forget, to get into my clubhouse, you need to say {}'
```